[Snort-users] capturing on the wrong nic

Chris Copeland roninuta at ...11827...
Mon Oct 18 20:56:52 EDT 2010


I used the following guide:
http://it.thelibrarie.com/weblog/2010/06/installing-snort-on-ubuntu-10-04/

but when I was testing to start snort I used the command:
snort -c /etc/snort/snort.conf -i eth1

Did I miss something?

> On Mon, Oct 18, 2010 at 7:48 PM, Joel Esler <jesler at ...1935...> wrote:
>> You can specify the interface that Snort is listening on by using the -i command line tag.
>>
>> like snort -i eth0 or snort -i eth1.
>>
>> Joel
>>
>> On Oct 18, 2010, at 8:41 PM, Chris Copeland wrote:
>>
>>> Yep, total newbie here, but I have managed to do the following:
>>> install LAMP, install snort, configure 2 eth devices, install base,
>>> and capture traffic, the only problem is that it is traffic on the
>>> management nic, not the nic I have plugged in to my hub (the one I
>>> want sniffing).
>>>
>>> topology:
>>> cable modem
>>> -> hub -> snortTest
>>> -> hub -> firewall/wireless router -> home network devices
>>>
>>> I know this has to be a setting in the conf file, at least I think it does.
>>>
>>> My internal IP: 10.0.1.15
>>> from the snort.conf:
>>> var HOME_NET 10.0.1.0/24
>>> var EXTERNAL_NET any
>>>
>>> eth0 - management nic
>>> eth1 - sniffer nic
>>>
>>> what am I doing wrong?
>>>
>>> Thanks in advance!!!
>>>
>>
>> --
>> Joel Esler
>> 302-223-5974
>>
>>

-- 
Chris Copeland
clcopeland at ...15006...
chris at ...15007...
817.791.6728 cell
KF5BND



